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Xceed Encryption Library allows apps to encrypt & decrypt data 
... For traditional strong encryption, the library supports the new AES (US Advanced 
Encryption Standard) symmetric encryption algorithm known as Rijndael which ... 
www.hallogram.com/xceedencrypt/ -11k- Cached - Similar pages 

BasicCard - Cryptography functions 

... IDEA: International Data Encryption Algorithm The IDEA library implements the 
International Data Encryption Algorithm, a block cipher with a 128-bit key size. ... 
www.basiccard-com/crypto.htm - 15k - Cached - Similar pages 

QuIckCrypt Library - Implementation of 7 most popular encryption ,■■ 

... A highly optimized implementation of the most popular encryption algorithms. The 
library allows Windows developers to perform encryption/decryption for memory ... 
www.slavasoft.com/quickcrypt/ - 52k - Cached - Similar pages 

Free Encryption / Cry pto graphic Libraries and Source Code .,. 

... Use this library to add encryption and authentication sen/ices to your program. 

You can choose from a multitude of encryption and authentication algorithms: ... 

www-thefreecountry.com/sourcecode/encryption.shtml - Similar pages 

Xceed Encryption Library free download. Xceed Encryption Library ■■■ 

... traditional strong encryption, the library supports the newly adopted AES (US Advanced 
Encryption Standard) secret-key encryption algorithm (Rijndael), which ... 
www.freedownloadscenter.com/Programming/ ActiveX/Xceed_Encryption_Library.html - 26k - 
Cached - Similar pages 

Open Directory - Science: Math: Applications: Communication Theory ... 
... A library for the TMS320C54x DSP, contains algorithms for symmetric block ciphers, 
one-way hash functions, public key encryption and digital signature. ... 

dmoz.org/Science/Math/Appiications/ Communication_Theory/Cryptography/Programming_Libraries/ - 14k - 
Cached - Similar pages 

Free Software Directory: Encryption 

... MPE2 - [GPL] - 2002-02-11 Key encryption algorithm. Nettle - [The GNU General Public 
License, Version 2 or later] - 2004-10-26 Cryptographic library. ... 

directory.fsf.org/security/crypt/ - 1 1k - Jan 30, 2005 - Cached - Similar pages 

System. Security.Cryp tograph y Namespace (.NET Framework) 

... for the input data using the managed library. ... all implementations of symmetric algorithms 

must inherit ... base class for Triple Data Encryption Standard algorithms ... 

msdn.microsoft.com/library/en-us/ cpref/html/frlrfSystemSecurityCryptography.asp - 29k - Cached - Similar pages 
Encryption using OpenSSUs crypto libraries 

... OpenSSL's libcrypto is a really good library if you want to use encrypti n without 
bothering with the details of underlying implementation of the alg rithm. ... 
www.faqs.org/docs/gazette/encryption.html - 14k - Cached - Similar pages 

Welcome to Xceed Encryption Library 
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... For traditional strong encrypti n, the library supports the newly adopted AES (US 
Advanced Encrypti n Standard) secret-key encrypti n alg rithm known as ... 
doc.xceedsoft.com/products/Encryption/ sources/welcome_to_xceed_encryptlon_!ibrary.htnn - 8k 
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AspEncrypt Component 

www.aspencrypt.com Data encryption, secure mail, certs, digital signatures for ASP 
EasyByte Cryptocx v5 

www.easybyte.com/ Easy to use Powerful Encryption component that also supports PGP 



Sponsored Links 



marketplace for web-based 



InternetComponent.conn 
internet ,., 

... Encryption Library is an ActiveX component that supports the latest 
industry-standard strong encryption algorithms and offers both 
symmetrical and public-key ... 

www.internetcomponentcom:8080/icsite/rfc.jsp - 57k - 
Cached - Similar pages 

lnternetComponent.com - marketplace for web-based 
internet ,■, 

... Description: Encryption Library is an ActiveX component 
that supports the latest industry-standard strong encryption 
algorithms and offers both symmetrical and ... 
www.internetcomponent.com:8080/ icsite/RfcDetails.jsp? 
rfcld=1 0 - 20k - Cached - Similar pages 
f More results from www.internetcomponent.com 1 



Sponsored Links 

AES Encrypt Zip Component 
Encryption & Zip Compression 
ActiveX .NET DLL Static Lib VCL 
www.innermedia.com 

Polar Crypto Component 
Complete encryption solution for 
your application. Full source code. 
www.polarsoftware.com 

Encryption Components 

NET, ActiveX, DLL, VCL, MFC, Delphi 
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[PDF] Toward a Reusable and Generic Security Aspect Library 1 ... 
File Format: PDF/Adobe Acrobat - View as HTML 

... which would be a software component for implementing ... JSAL is composed of 
reusable security aspects. ... of security aspects: Encryption/Decryption Authentication ... 
www.cs-kuleuven.ac.be/-'distrinet/ events/aosdsec/AOSDSEC04_Minwell_Huang.pdf - 
Similar pages 



UML 2 Component Diagram 

... the other component implements the Encryption interface much ... Creating the Student 
component as shown in ... time implement a large-scale, reusable domain component ... 

www.agilemodeling.conn/artifacts/componentDiagram.htm - 51k - Jan 31, 2005 - 
Cached - Similar pages 

GRIDtoday: THE ROI ON COTS: INDUSTRY'S STUDY REVEALS SCALE OF „■ 
... C mponents. E-mail Components, Encryption Components, Security & ... market 
leader for reusable components, ComponentSource has ... with over 700 component 
vendors and ... 

www.gridtoday.com/02/0902/100314.html - 12k - Jan 31, 2005 - Cached - Similar pag es 

[PDF] Designing Reusable Components in VHDL 

File Format: PDF/Adobe Acrobat - View as HTML 

... design methodology used in each reused c mponent is also ... LPM[5] presents fea- 
ture-oriented reusable design ... edu/dalton/8051 5763 DES encryption/description 
(1999 ... 

www.iit.edu/-agunsal/research/ Designing%20Reusable%20Components%20in% 
20VHDL%20ASIC2000.PDF - Similar pages 
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... functional properties or - if no such solution exists - how to create a reusable one ... 
Finally, the Encrypti n component fulfils (offers) the Security contract ... 
www.qccs.org/Chapter%20Book.pdf- Similar pages 

[PDF] www.componentsource.com 

File Format: PDF/Adobe Acrobat - View as HTML 

... With over 9.000 reusable COTS components and Web ... VC++ 10% 12,384 43 
$433,451 $999 434 Encryption Components Desaware File Property Component 11,000 
C++ 10... 

www.componentsource.com/Services/ ROI_on_COTS_Components_White_Paper.pdf- 
Similar pages 

LOGON Software - Solutions 

... a good encryption mechanism is ... pre, prepackaged components, programmer, 
programmers ... prolog, reporting, reseller, reusable components, reusable software, 
reuse ... 

www.logon-int.com/Solution.asp?ID=52 - 58k - Cached - Similar pages 

LOGON Software - softwinter software sentry 2020 for windows nt 

... prolog, reporting, reseller, reusable components, reusable software, reuse ... add-ons, 

software components, software reuse ... is a data encryption software utilizing ... 

www.logon-int.com/Product.asp?sProdClassCode=SWR-P-01 - 90k - 

Cached - Similar pages 
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Abstract 

This document specifies the security policy for the Kernel Mode Cryptographic 
Module. (FIPS.SYS) as described In FIPS PUB 140-1. 

1^ Top of page 

Intr ducti n 

Microsoft Kernel Mode Cryptographic Module (HPS. SYS) is a FIPS 140-1 Level 1 
compliant, general-purpose, software-based, cryptographic module residing at 
the Kernel Mode level of the Windows Operating System. It runs as a kernel 
mode export driver (a kernel-mode DLL) and encapsulates several different 
cryptographic algorithms in an easy-to-use cryptographic module accessible by 
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other kernel mode drivers. It can be linked into other kernel mode services to 
permit the use of FIPS 140-1 Level 1 compliant cryptography. 

Cryptographic Boundary 

The Kernel Mode Cryptographic Module (FIPS. SYS) consists of a single kernel 
mode export driver (SYS). The cryptographic boundary for FIPS. SYS is defined 
as the enclosure of the computer system on which the cryptographic module is 
to be executed. The physical configuration of the module, as defined in FIPS 
PUB 140-1, is Multi-Chip Standalone, 

'^ Top of page 

Security Policy 

FIPS. SYS operates under several rules that encapsulate its security policy. 

• FIPS. SYS is supported on Windows 2000 with Service Pack 2 or later. 

• FIPS. SYS relies on Microsoft Windows 2000 for the authentication of users. 

• FIPS. SYS enforces a single role. Authenticated User, which is a combination 
of the User and Cryptographic Officer roles as defined in FIPS PUB 140-1. 

• Ail users authenticated by Microsoft Windows 2000 employ the Authenticated 
User role. 

• All cryptographic services implemented within FIPS. SYS are available to 
kernel mode system services, which are a part of Windows operating system 
trusted computer base (TCB). 

• Windows 2000 operating system requires each user to be successfully 
authenticated before any system services may act on behalf of that user. 

• Ail services implemented within FIPS. SYS are available to the Authenticated 
User role. 

« Keys created within FIPS. SYS for one user are not accessible to any other 
user via FIPS. SYS. 

FIPS. SYS performs the following self-tests upon power up: 

• DES ECB encrypt/decrypt 

• 3DES (3 key) ECB encrypt/decrypt 

• DES CBC encrypt/decrypt 

• 3DES (3 key) CBC encrypt/decrypt 

• 3DES ECB encrypt/decrypt 

• SHA-1 hash 
Top of page 

Specification of Roles 

FIPS. SYS combines the User and Cryptographic Officer roles (as defined in FIPS 
PUB 140-1) into a single role hereon called the Authenticated User role. The 
Authenticated User may access all services implemented in the cryptographic 
module. Windows 2000 operating system requires each user to be successfully 
authenticated before any system services may act on behalf of that user. 
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To use a DES or Triple DES function, a kernel mode system service needs to 
provide a DES or Triple DES key respectively to the crypto module. Keys are 
zeroized after HPS. SYS completes a DES or Triple DES function with the keys. 

Maintenance Roles 

Maintenance roles are not supported by FIPS.SYS. 
Multiple Concurrent Operators 

FIPS.SYS is intended to run on Windows 2000 with Service Pack 2 or later in 
Single User Mode. When run in this configuration, multiple concurrent operators 
are not supported. 

1" Top of page 

Specification of Sfervices 

The following list contains all services available to an operator. All services are 
accessible by all Authenticated Users, the one and only role supported by 
FIPS.SYS. 

Key Storage 

FIPS.SYS does not store keys. DES and Triple DES keys are zeroized after used. 

Cryptographic Module Power Up and Power Down 
DriverEntry 

Each Windows 2000 driver must have a standard Initialization routine 
DriverEntry in order to be loaded. The Windows 2000 Loader is responsible to 
call the DriverEntry routine. The DriverEntry routine must have the following 
prototype. 



NTSTATUS 

(*PDRIVER_INITIALIZE) ( 

IN PDRIVEK.OBDECT On* verobject , 

IN P UNICODE _STRING RegistryPath 

); 



The input DriverObject represents the driver within the Windows 2000 system. 
Its pointer allows the DriverEntry routine to set an appropriate entry point for 
its DriverUnload routine in the driver object. 

The RegistryPath input to the DriverEntry routine points to a counted Unicode 
string that specifies a path to the driver's registry key 
\Registry\Machine\System\CurrentControlSet\Services\FIPS. 

DriverUnload 

It is the entry point for the driver's unload routine. The pointer to the routine is 
set by the DriverEntry routine in the DriverUnload field of the DriverObject 
when the driver initializes. An Unload routine is declared as follows: 



VOID 

C*PDRIVER„UNLOAD) ( 

IN PDRIVER_0BJECT DriverObject 
); 
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When the driver is no longer needed, the Windows 2000 Kernel is responsible to 
call the DriverUnload routine of the associated DriverObject. 

Key Formatting 

The following functions provide interfaces to the cryptomodule's key formatting 
functions. 

FipsDesKey 



VOID 

FipsDesKeyC 

DESTable * pDesTable. 
UCHAR * pbKey 
) 

The FipsDesKey function formats a DES cryptographic session key into the form 
of a DESTable struct. It fills in the DESTable struct with the decrypt and encrypt 
key expansions. Its second parameter points to the DES key of DES_BLOCKLEN 
(8) bytes. FipsDesKey zeroises its copy of the key before returning to the caller. 

Fips3Des3Key 



VOID 

Fips3Des3Key( 

DES STABLE * pDES3Table, 

UCHAR * pbKey 

) 



The Fips3Des3Key function formats a Triple DES cryptographic session key into 
the form of a DESBTable struct. It fills in the DES3Table struct with the decrypt 
and encrypt key expansions. Its second parameter points to the Triple DES key 
of 3 * DES_BLOCKLEN (24) bytes. Fips3Des3Key zeroises its copy of the key 
before returning to the caller. 

Random Number Generation 
FipsGenRandom 



BOOL 

FiPSGenRandomC 

in OUT UCHAR * pb, 

IN ULONG Cb 

); 



The FipsGenRandom function fills the buffer pb with cb random bytes produced 
using a FIPS 140-1 compliant pseudo random number generation algorithm. 
The algorithm is the SHS based RNG from FIPS 186. Internally, the function 
compares each 160 bits of the buffer with the next 160 bits. If they are the 
same, the function returns FALSE. The caller may optionally specify the initial 
160 bits in the pb buffer for the initiation of the comparison. This initial 160 bit 
sequence is used only f r the comparison algorithm and it is not intended as 
caller supplied random seed. 

Data Encrypt! n and Decryptl n 

The following functions provide interfaces to the cryptomodule's data encryption 
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and decryption functions. 
FipsDes 



VOID 

FipsDes C 

UCHAR * pbOut, 

UCHAR * pbin, 

void * pKey, 

int iOp 
); 



The FipsDes function encrypts or decrypts the Input buffer pbIn using DES, 
putting the result into the output buffer pbOut. The operation (encryption or 
decryption) is specified with the iOp paranneter. The pKey is a DESTabie struct 
pointer returned by the FipsDesKey function. FipsDes zeroises its copy of the 
DESTabie struct before returning to the caller. 

FipsDesS 



VOID 

Fips3Des( 

UCHAR * pbIn, 

UCHAR * pbOut, 

void * pKey, 

int op) 



The FipsDes3 function encrypts or decrypts the input buffer pbIn using Triple 
DES, putting the result into the output buffer pbOut. The operation (encryption 
or decryption) is specified with the op paranneter. The pkey is a DES3Tab!e 
struct returned by the Fips3Des3Key function. FipsDes3 zeroises its copy of the 
DES3Table struct before returning to the caller. 

FipsCBC 



BOOL Fi 


PSCBCC 


ULONG 




Enc ryptionType, 


DWORD 




dwBlockLen, 


BYTE 


* 


output, 


BYTE 


* 


input, 
keyTalile, 


void 


* 


int 




op, 


BYTE 


* 


feedback 



The FipsCBC function encrypts or decrypts the input buffer input using CBC 
mode, putting the result into the output buffer output. The encryption algorithm 
(DES or Triple DES) to be used is specified with the EncryptlonType parameter. 
The operation (encryption or decryption) is specified with the op parameter. 

If the EncryptlonType parameter specifies Triple DES, the keyTable is a 
DES3Table struct returned by the Fips3Des3Key function. If the EncryptlonType 
parameter specifies DES, the keyTable is a DESTabie struct returned by the 
FipsDesKey function. 

This function encrypts just one block at a time and assumes that the caller 
knows the algorithm block length and the buffers are of the correct length. 
Every time when the function is called, it zeroises its copy of the DES3Table or 
DESTabie struct before returning to the caller. 
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Hashing 

The following functions provide interfaces to the cryptomodule's hashing 
functions. 

FjpsSHAInit 



void 

FipsSHAlnitC 

A^SHA^CTX * hash_context 
) 



The FipsSHAInit function initiates the hashing of a stream of data. The output 
hash_context is used in subsequent hash functions. 



FipsSHAUpdate 



void Fi psSHAUpdateC 
A_SHA_CTX * hash_context , 

UCHAR * pb, 

unsigned int cb 
) 



The FipsSHAUpdate function adds data pb of size cb to a specified hash object 
associated with the context hash_context. This function can be called multiple 
times to compute the hash on long data streams or discontinuous data streams. 
The FipsSHAFInal function must be called before retrieving the hash value. 

FipsSHAFinal 



void FipsSHAFinal ( 

A^SHA^CTX * hash_context, 
unsigned char [A_SHA_DIGEST_LEN] hash) 

The FipsSHAFinal function computes the final hash of the data entered by the 
FipsSHAUpdate function. The hash is an array char of size A_SHA_DIGEST_LEN 
(20). 

Acquiring a Table of Pointers to FipsXXX Functions 

A Icernel mode user of the FIPS.SYS driver must be able to reference the 
FipsXXX functions before using them. The user needs to acquire the table of 
pointers to the FipsXXX functions from the FIPS.SYS driver. The user 
accomplishes the table acquisition by building a Fips function table request irp 
(I/O request packet) and then sending the irp to the FIPS.SYS diver via the 
loCallDriver function. Further information on irp and loCallDriver can be found 
on Microsoft Windows 2000 Driver Development Kit. 

^ Top of page 

Cryptographic Key Management 

The FIPS.SYS cryptomodule manages keys in the following manner. 
Key Material 

FIPS.SYS use keys provided by the caller for the following algorithms: DES, 
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3DES and 3DES 112. 
Key Generati n 

Random keys can be generated by calling the FipsGenRandom() function. DES 
key generated In this way meet the requirements described In FIPS PUB 46-2 
and HPS PUB 81. 

Key Entry and Output 

DES keys can be Imported Into FIPS. SYS via FipsDesKey(). DESTabie struct can 
be exported out of FIPS. SYS via FipsDesKey(). DESTabie struct can be Imported 
Into FIPS. SYS via FlpsDes() or FlpsCBC(). 

Triple DES keys can be Imported into FIPS.SYS via Flps3Des3Key(). DES3Table 
struct can be exported out of FIPS.SYS via Fips3Des3Key(). DES3Table struct 
can be Imported into FIPS.SYS via Fips3Des3() or FipsCBC(). 

Key Storage 

FIPS.SYS does not store keys, DES and Triple DES keys and their associated 
DESTabie and DES3Table struct are zeroized after used. 

Key Archival 

FIPS.SYS does not archive cryptographic keys. All key copies inside FIPS.SYS 
are destroyed and their memory location zeroized after used. It Is the caiier's 
responsibility to maintain the security of DES and Triple DES keys when the 
keys are outside FIPS.SYS. 

Key Destruction 

All DES and Triple DES key copies and their associated DESTabie and 
DES3Table struct copies inside FIPS.SYS are destroyed and their memory 
location zeroized after they have been used In FipsDes, FlpsDes3, or FipsCBC, 

^ Top of page 

Self-Tests 

Mandatory 

Software tests via a DES MAC of library image 

• DES ECB encrypt/decrypt KAT 

• 3DES ECB encrypt/decrypt KAT 

• DES CBC encrypt/decrypt KAT 

• 3DES CBC encrypt/decrypt KAT 

• SHA-1 hash KAT 
^ Top of page 

Miscellaneous 

The following Items address requirements not addressed above. 

Cryptographic Bypass 

Cryptographic bypass is not support in FIPS.SYS. 
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Operation Authentication 

FIPS.SYS inherits all authentication from the Microsoft Windows 2000 operating 
system upon which it runs. Microsoft Windows 2000 requires authentication 
from a trusted control base (TC8) before a user is able to access system 
services. Once a user is authenticated from the TCB, a process is created 
bearing the Authenticated User's security token. All subsequent processes and 
threads created by that Authenticated User are implicitly assigned the parent's 
(thus the Authenticated User's) security token. Every user that has been 
authenticated by Microsoft Windows 2000 is naturally assigned the 
Authenticated User role. 

Operating System Security 

The FIPS.SYS cryptomodule Is intended to run on Windows 2000 with Service 
Pack 2 or later in the Single User Mode. 

When the Windows 2000 operating system Loader loads the cryptomodule into 
memory, the cryptomodule runs a DES MAC on the cryptomodule's disk image 
of FIPS.SYS, excluding the DES MAC, checksum, and export signature 
resources. This MAC is compared to the value stored in the DES MAC resource. 
Initialization will only succeed if the two values are equal. 

^ Top of page 

For More Information 

For the latest information on Windows 2000 Server, check out our World Wide 
Web site at http://www.mlcrosoft.com/windows2000 . 

^ Top of page 

Microsoft Kernel Mode Cryptographic Module 

Operating System 

FIPS 140-1 Documentation: Finite State Machine 

10/13/2000 8:07:04 AM 

Abstract 

This document specifies the finite state machine for the Kernel Mode 
Cryptographic Module (FIPS.SYS) as described in FIPS PUB 140-1. 

Top of page 

Introduction 

Microsoft Kernel Mode Cryptographic Module (FIPS.SYS) is a FIPS 140-1 Level 1 
compliant, general-purpose, software-based, cryptographic module residing at 
the Kernel Mode level of the Windows Operating System. It runs as a kernel 
mode export driver (a kernel-mode DLL) and encapsulates several different 
cryptographic algorithms in an easy-to-use cryptographic module accessible by 
other kernel mode drivers. It can be linked into other kernel mode services to 
permit the use of FIPS 140-1 Level 1 compliant cryptography. 

1^ Top of page <^ 

Finite State Machine 

The FIPS.SYS cryptomodule can be In exactly one of the following states at any 
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given moment. Transitions between states can be automatic or result from user 
intervention. 

States 

See Appendix A and B for more Information. 
Power Up 

The Power Up state is entered wlien Windows 2000 Loader calls the FIPS.SYS 
driver entry point function DriverEntryO during system boot. 

Power Down 

The Power Down state is entered when Windows 2000 Kernel calls the FIPS.SYS 
driver's unload function which was set in DriverUnload field of the DriverObJect 
representing FIPS.SYS during the Power Up state. 

Init Error 

The Init Error State Is entered when FIPS.SYS's DriverEntryO fails as a result of 
either configuration errors (i.e. not enough memory, etc.) or errors resulting 
from the power up self-tests. 

Initialized 

The Initialized state is entered when FIPS.SYS's DriverEntryO returns 
successfully and the Windows Loader completes the loading of FIPS.SYS. 

Key Initialized 

The Key Initialized state is entered after keys are formatted into a DESTable or 
DES3Table struct with FipsDesKeyO, Fips3Des3Key() . 

Operation Error 

The Operation Error state is entered whenever an error occurs as a result of a 
cryptographic operation. FIPS.SYS will automatically transition bacl< to either 
the Initialized or Key Initialized state depending on whether or not keys have 
been successfully formatted into a DESTable or DESBTable struct. 

State Transitions 

See Appendix A. 

State Diagrams 

See Appendix B. 

1^ Top of page 



Appendix A 

The following table describes the state transitions possible within the FIPS.SYS 
cryptomodule during operation. 





Current 
State 


input 


Output 


Next 
State 


1 


Power Up 


HPS. SYS loads 


NO_ERROR 


Initialized 


2 


Power Up 


FIPS.SYS not 
found 


STATUS.UNSUCCESSFUL 


Init Error 
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2 


Power Up 


DES MAC check on 
cryptographic 
provider fails 


STATUS_UNSUCCESSFUL 


Init Error 


2 


Power Up 


One or more 
power-on 
cryptographic self- 
tests fail 


STATUS.UNSUCCESSFUL 


Init Error 

i 


2 


Power Up 


System error 


STATUS_UNSUCCESSFUL 


Init Error 


3 


Init Error 


Automatic 
transition 


No output 


Power 
Down 


4 


Initialized 


Key formatting 
operation (i.e. 
FipsDesKeyO, 
Fips3Des3Key{) ) 
requested 


No output 


Key 

Initialized 


5 


Initialized 


Key formatting 
operation failure 


Operation specific error 
message 


Operation 
Error 


6 


Operation 
Error 


Automatic 
transition when 
keys have not yet 
been initialized 


No output 


Initialized 


7 


Key 

Initialized 


Generic 
cryptographic 
operation failure 


Operation specific error 
message 


Operation 
Error 


8 


Operation 
Error 


Automatic 
transition when 
keys have already 
been initialized 


No output 


Key 

Initialized 


9 


Key 

Initialized 


Generic 
cryptographic 
operation (i.e. 
FlpsDesO, 
Fips3Des(), or 
FlpsCBC 0) 
completed 


NO_ERROR 


Initialized 


10 


Initialized 


Automatic 
transition when 
Windows 2000 
Kernel calls the 
FIPS.SYS driver's 
unload function 


NO_ERROR 


Power 
Down 
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Appendix B 

The following diagram illustrates the finite state machine of the FIPS.SYS 
cryptomodule. 
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See full-sized image. 
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For More Information 

For the latest information on Windows 2000 Server, check out our World Wide 
Web site at http://www.microsoft.com/windows2000. 
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Microsoft Kernel Mode Cryptographic Module 

FIPS 140-1 Documentation: Master Component List 

10/13/2000 8:07:04 AM 

Abstract 

This document specifies the master component list for the Kernel Mode 
Cryptographic Module (FIPS. SYS) as described in FIPS PUB 140-1. Contents 

Top of page 

Master Component List 

The FIPS. SYS cryptomodule is a software cryptomodule and is intended to 
operate on a PC running Windows 2000 with Service Pack 2 or later. Several 
components of the base PC are also to be considered components of the 
cryptomodule. 

C mponents 

The following components are to be considered components of the 
cryptomodule (see Appendix A below): 
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• PC Enclosure 

• Central Processing Unit (CPU) 

• Physical Storage (Hard Drives and Removable Storage) 

• Memory (RAM and CMOS) 
'^ Top of page 

Appendix A 

The following diagram illustrates the master components of the RSAENH 
cryptomodule. 




See full-sized image. 
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For More Information 

For the latest information on Windows 2000 Server, check out our World Wide 
Web site at http://www.microsoft.com/windows2000 . 
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